diff --git a/odex25_donation/applepay_fast_checkout/controllers/main.py b/odex25_donation/applepay_fast_checkout/controllers/main.py
index c68069d30..a691e6661 100644
--- a/odex25_donation/applepay_fast_checkout/controllers/main.py
+++ b/odex25_donation/applepay_fast_checkout/controllers/main.py
@@ -18,8 +18,13 @@ class ApplePayFastCheckout(Controller):
integrity = requests.get(f'{url}/v1/fastcheckout/integrity').json().get('integrity', '')
- response = request.render("applepay_fast_checkout.apple_pay_iframe", {'hyperpay_src': f"{url}/v1/paymentWidgets.js", 'merchant_id': acquirer_id.applepay_entity_id, 'nonce': nonce, 'integrity': integrity})
- response.headers['Content-Security-Policy'] = "script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' https://*; worker-src blob: 'self' 'unsafe-inline' 'unsafe-eval' https://*;connect-src 'self' https://* wss://*;frame-src 'self' blob: https://*;"
+ response = request.render("applepay_fast_checkout.apple_pay_iframe", {
+ 'hyperpay_src': f"{url}/v1/paymentWidgets.js",
+ 'merchant_id': acquirer_id.applepay_entity_id,
+ 'script_nonce': nonce,
+ 'integrity': integrity
+ })
+ # response.headers['Content-Security-Policy'] = "script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' https://*; worker-src blob: 'self' 'unsafe-inline' 'unsafe-eval' https://*;connect-src 'self' https://* wss://*;frame-src 'self' blob: https://*;"
return response
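Review bot: The commented-out `Content-Security-Policy` header line should be deleted rather than left in the code; it documents a policy (`'unsafe-inline' 'unsafe-eval' https://*`) that contradicts the nonce-based policy now carried by the template's `<meta>` tag, and if someone re-enables it the browser enforces both policies (the effective policy is the intersection), which is hard to reason about. Note that after this change the controller sends no CSP header at all, and a `<meta>` policy cannot express header-only directives such as `frame-ancestors`, so if this iframe is meant to be embedded only by this site, that restriction still has to be set on the response headers. The `nonce` passed as `script_nonce` is generated above the hunk; the nonce-based `script-src` only provides protection if that value is fresh and unpredictable per response, which is worth confirming at its definition. The enclosing method starts above the hunk.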
diff --git a/odex25_donation/applepay_fast_checkout/views/applepay_iframe.xml b/odex25_donation/applepay_fast_checkout/views/applepay_iframe.xml
index cce1316f6..3e0d7d694 100644
--- a/odex25_donation/applepay_fast_checkout/views/applepay_iframe.xml
+++ b/odex25_donation/applepay_fast_checkout/views/applepay_iframe.xml
@@ -8,16 +8,16 @@
t-attf-content="
style-src 'self' https://*.oppwa.com 'unsafe-inline';
frame-src 'self' https://*.oppwa.com https://applepay.cdn-apple.com;
- script-src 'self' https://*.oppwa.com https://applepay.cdn-apple.com 'nonce-{{nonce}}';
+ script-src 'self' https://*.oppwa.com https://applepay.cdn-apple.com 'nonce-{{script_nonce}}';
connect-src 'self' https://*.oppwa.com;
img-src 'self' https://*.oppwa.com;" />
-
-
-
+